
Which versions not to use

For any software out there, the latest version is of course the best version ever released. That is true for our plugins, Xojo and FileMaker. But a lot of people do not use the latest one and stay with older versions. That is usually fine, as we don’t want to change a running system and risk that a change in one component requires other components or scripts to be updated to work again.

But some versions are really not recommended, especially if they have security-related issues. In the release notes for every new version, you can learn which bugs have been fixed, so you know what issues the old software has. Of course, in most cases you are not affected and you may never notice the bug existed. To give you three examples:

Xojo
If you send emails with an application built using Xojo 2015r2 with SMTPSecureSocket, you may run into the bug I found: Feedback case 39516. Due to a problem in the secure socket class, the email was transferred unencrypted in some situations. This problem was fixed later in 2015r3, so please do not use 2015r2 and maybe older versions for sending emails over encrypted connections.

FileMaker
The update to FileMaker 16.0.3 fixed the problem where reconnecting to a server could delete all scripts in a file. To avoid this bug, you should not use older FileMaker 16 releases.
Due to SSL problems in FileMaker 13, all users of FileMaker 13 must use 13.0v9 to be safe.

MBS Plugins
In our plugins we have a few bug fixes in each release. An important one for Linux was the linking issue we found last year:

MBS FileMaker Plugin for FileMaker Cloud is fixed in version 7.5 (for Xojo in the 17.3 plugins). The problem was that in older versions the plugin called one of its own functions, but because FileMaker had already defined a function with the same name, the loader bound the call to the existing function. The result was that MBS Plugin CURL functions called the CURL library provided by FileMaker (without SFTP) instead of the built-in library (with SFTP). And both libraries usually have different versions, so you may see unexpected problems. The same happened with Xojo months before, where the zip, jpeg and png libraries in use were not the right ones. So for FileMaker Cloud servers, please do not use MBS Plugin 7.4 or older due to this specific problem. The same goes for Xojo, where 17.2 and earlier are affected (Linux only).
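One way to check a Linux host for the binding problem described above: glibc's loader logs every symbol binding when a process is started with LD_DEBUG=bindings, and the script below flags references from the plugin that resolved to another object although the plugin bundles that library itself. This is an added example, not MBS or FileMaker code; the paths, the plugin file name, the symbol prefixes and the sample log lines are constructed assumptions.

```python
import re

# Constructed sample of LD_DEBUG=bindings output; all paths are hypothetical.
SAMPLE_LOG = (
    "  4711:\tbinding file /opt/app/Extensions/plugin.so [0] to "
    "/opt/app/lib/libcurl.so.4 [0]: normal symbol `curl_easy_init' [CURL_OPENSSL_4]\n"
    "  4711:\tbinding file /opt/app/Extensions/plugin.so [0] to "
    "/opt/app/Extensions/plugin.so [0]: normal symbol `png_create_read_struct'\n"
    "  4711:\tbinding file /opt/app/Extensions/plugin.so [0] to "
    "/lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `malloc' [GLIBC_2.2.5]\n"
    "  4711:\tbinding file /opt/app/Extensions/plugin.so [0] to "
    "/opt/app/lib/libz.so.1 [0]: normal symbol `inflate'\n"
    "  4711:\tbinding file /opt/app/bin/host [0] to "
    "/opt/app/lib/libcurl.so.4 [0]: normal symbol `curl_easy_init' [CURL_OPENSSL_4]\n"
)

# One loader line: which object made the reference, which object satisfied it.
BINDING = re.compile(
    r"binding file (?P<src>\S+) \[\d+\] to (?P<dst>\S+) \[\d+\]: "
    r"\w+ symbol `(?P<sym>[^']+)'"
)

# Assumption: name prefixes of libraries the plugin ships built in.
BUNDLED_PREFIXES = ("curl_", "png_", "jpeg_", "inflate", "deflate")


def misbound_symbols(log, plugin, prefixes=BUNDLED_PREFIXES):
    """Return (symbol, provider) pairs where the plugin referenced a symbol of
    a bundled library but the loader bound it to a different object."""
    findings = []
    for line in log.splitlines():
        m = BINDING.search(line)
        if m is None or m["src"] != plugin:
            continue  # only references made by the plugin are of interest
        if m["dst"] == plugin:
            continue  # bound to the plugin's own copy, as intended
        if m["sym"].startswith(prefixes):
            findings.append((m["sym"], m["dst"]))
    return findings


if __name__ == "__main__":
    for sym, provider in misbound_symbols(SAMPLE_LOG, "/opt/app/Extensions/plugin.so"):
        print(f"{sym} resolved to {provider}, not the plugin's bundled copy")
```

Any finding means the plugin is running against the host's copy of that library, so the version and feature set in use are the host's, not the ones the plugin was built with.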

A second important bug is the boolean result problem in FileMaker, see product issue #711010. If a plugin returns a boolean, FileMaker may evaluate true as false. To work around this, we changed MBS Plugin 7.5 to always use numbers for booleans. Using older plugin versions can lead to scripts running differently in the debugger!

Old Libraries
We regularly update our plugins to use the latest versions of various libraries for basic things like compression (e.g. zlib), encryption (e.g. openssl) or image file reading (e.g. jpeg). By using the older libraries, you risk running into a bug which may cause a crash or allow a hacker to run code in your application.

If you still use FileMaker 11 with the openssl 0.9.8i from 2008 inside, you are at risk from all the vulnerabilities found in openssl over the last ten years. The same applies if you still use REAL Studio, which depends on QuickTime for loading pictures on Mac, and the old QuickTime code hasn't been fixed much by Apple. So there may be picture files around which can crash your app or execute arbitrary code from a hacker.

Recommendation
Please do not stay with an old OS, old tools and old plugins. The risks from problems in the software which have already been fixed are quite real. Clients regularly report bugs which were fixed long ago, but the fixes don't reach them as we can't fix older versions remotely. Please keep an eye on the release notes to check whether you are directly affected by any change. Update all tools when your own release cycle starts, so you have time to adjust if needed. Stay safe!
27 02 18 - 17:26